The XOOPS cookie authentication procedure is the missing link to the solution. While the JS example above shows how PCR auth get stuffed with variables, I have not succeeded in finding how the data gets picked off from XOOPS 2.5.0. Documentation appears non-existent on Google and elsewhere. Do you have info or can you point me to how this is typically done in a module? Another point of interest is how the content of an external app can be framed into the center column container display rather than target=_blank.
If this spec or related example were available, I could probably work out a rough hack (not nearly as good as you guys could pull off, but workable maybe).
noobaru